<?php
class Login
{
    private $username;
    private $password;
    private $loginok = false;
    private $blocked = false;
    private $leider = 0;
    private $admin = 0;
    private $beheerder = 0;
    private $id = 0;

    // sets the username and password
    function __construct($username, $password) {
        $this->username = $this->check_username($username);
        $this->password = $this->check_password($password);
        return $this->login();
    }

    // checks all the details and tries to log the user in
    public function login() {
       if(!$this->check_default())
       {
           if(allow_db_users && strlen($this->username) <= max_username_length && strlen($this->password) <= max_password_length)
           {
               $user_case = "";
               $pass_case = "";
               
               if(username_case)
                   $user_case = 'binary';
               if(password_case)
                   $pass_case = 'binary';
               
               if(pass_encrypt_onlogin && !password_allow_normal && strlen($this->password) != 40)
               {
                   $ps_pass = new PreparedStatement("UPDATE accounts SET password = ? WHERE $user_case username = ? && $pass_case password = ?;");
                   $ps_pass->setString(sha1($this->password));
                   $ps_pass->setString($this->username);
                   $ps_pass->setString($this->password);
                   $ps_pass->execute();
                   unset($ps_pass);
               }
               
               $ps = new PreparedStatement("SELECT * FROM accounts LEFT JOIN leiding ON accounts.accountid = leiding.accountid WHERE $user_case username = ? && ($pass_case password = ? || password = ?);");
               $ps->setString($this->username);
               if(password_allow_normal)
               {
                   $ps->setString($this->password);
               }
               else
               {
                   $ps->setString("");
               }
               if(password_allow_encrypt)
               {
                   $ps->setString(sha1($this->password));
               }
               else
               {
                   $ps->setString("");
               }
               $q = $ps->execute();
               unset($ps);
               $row = mysql_fetch_array($q);
               if(mysql_num_rows($q) == 1)
               {
                    $this->loginok = true;
                    $this->leider = $row['leidinggroepid'];
                    $this->admin = $row['admin'];
                    $this->beheerder = $row['beheerder'];
                    $this->id = $row['accountid'];
               }
           }
       }
       else
           $this->loginok = true;
    }
    
    public function get_id() {
        return $this->id;
    }
    
    // returns if the person is set as leider in the database
    public function get_leider() {
        return $this->leider;
    }
    
    // returns if the person is set as admin in the database
    public function get_admin() {
        return $this->admin;
    }
    
    public function get_beheerder() {
        return $this->beheerder;
    }

    // returns if the person's account is blocked
    public function get_blocked() {
        return $this->blocked;
    }

    // check if the user has successfully logged in
    public function check_loggedin() {
        return $this->loginok;
    }

    // returns the username specified with the constructor
    public function get_username() {
        return $this->username;
    }

    // functions open for additions in the future
    private function check_username($input) {
        return addslashes($input);
    }

    // functions open for additions in the future
    private function check_password($input) {
        return addslashes($input);
    }

    // checks if user tries to login with the default account in config/settings.php
    private function check_default() {
        $ips = explode(",", admin_ips);
        $cur_ip = $_SERVER['REMOTE_ADDR'];
        if(trim(admin_username) != '' && addslashes(trim($this->username)) == trim(admin_username) && addslashes(trim($this->password)) == trim(admin_password))
        {
            if(trim(admin_ips) == '')
            {
                $this->leider = false;
                $this->admin = 5;
                return true;
            }
            foreach($ips AS $ip)
            {
                $ip = trim($ip);
                if($cur_ip == $ip)
                {
                    $this->leider = false;
                    $this->admin = 5;
                    return true;
                }
            }
            return false;
        }
        else
            return false;
    }
}
?>